Орындаған: Төлеу Жәния Дизайн 103 топ


Comparative analysis of antivirus means of information protection



бет4/8
Дата01.03.2023
өлшемі91,22 Kb.
#70762
1   2   3   4   5   6   7   8
Байланысты:
Îðûíäà?àí Ò?ëåó Æ?íèÿ Äèçàéí 103 òîï

Comparative analysis of antivirus means of information protection.

When a virus infects a computer, it is very important to detect it in a timely manner. To do this, you should be aware of the main signs of the manifestation of viruses:
screen flicker;
slow computer operation:
the appearance of an unexpected message on the screen;
blocking keyboard input;
changing file sizes, program creation dates;
significant increase in files on disk;
frequent freezes and computer crashes;
file destruction or partial destruction;
blocking writing to the hard disk;

Especially dangerous for the user is such an action of the virus as formatting the hard disk, which can lead to a rapid loss of all the information stored there. Since no user is immune from virus penetration, it is possible to reduce the possible consequences of the presence of a virus in the computer. To do this, you need to follow some rules:
Each of your floppy disks, if it has "visited" another computer, should be checked with any antivirus program. Programs of this kind can not only detect a virus, but also "cure" a floppy disk.
Similar checks should be arranged for files received via the network.
Antivirus programs need to be updated periodically, as they age very quickly.
When working with e-mail, do not open files if the subject of the letter and the letter itself are empty, delete all suspicious files.
You should not engage in unlicensed and illegal copying of software from other computers.
Methods of protection against computer viruses.
Whatever the virus is, the user needs to know the basic methods of protection against computer viruses. To protect against viruses, you can use:
general means of information protection, which are also useful as insurance against physical damage to disks, malfunctioning programs or erroneous user actions;
preventive measures to reduce the likelihood of infection with the virus;
specialized programs for virus protection.

General information security tools have two main varieties:
copying information – creating copies of files and system areas of disks;
access control prevents unauthorized use of information, protection against changes to programs and data by viruses, malfunctioning programs.

Despite the fact that common protection tools are very important for protecting against viruses, they are still not enough. It is necessary to use specialized programs to protect against viruses. These programs can be divided into several types: detectors, doctors, auditors, filters, vaccines or immunizers.
Detector programs allow you to detect files infected with viruses. When detected, a corresponding message is displayed on the screen in any file. Many detectors have modes of treating or destroying infected files. The disadvantage of such programs is that they can detect only those viruses that are known to the developers of such programs.
Doctor programs (phages) not only find files infected with viruses, but also "treat" them, i.e. remove the body of the virus program from the file, returning the files to their original state. Among the phages, polyphages are distinguished, designed to search for and destroy a large number of viruses. The most famous of them are Aidstest, Doctor Web, Norton AntiVirus.
Audit programs are programs that analyze the current state of files and system areas of the disk and compare it with information previously stored in one of the data files of the auditor. The comparison of states is usually made immediately after the operating system is loaded. At the same time, the length of files, their creation time and other parameters are checked. Detected changes are displayed on the screen. Analyzing the message of the audit program, the user can decide what caused the changes. A widespread Adinf program.
Filter programs are resident programs that notify the user of all attempts by any program to write to a disk or format it, and also notifies of other suspicious actions. The advantage of this program is its versatility in relation to both known and unknown viruses. The disadvantages are the frequent issuance of requests for the implementation of any operation
Vaccine programs are resident programs that prevent infection of files. Vaccines are used if there are no doctor programs. Vaccination is only possible against known viruses.
Antivirus programs.
An antivirus program is a piece of software that is installed on a computer to search for computer viruses on disks and in incoming files and remove them when detected. Programs detect viruses by offering to cure files, and if it is impossible to delete them. It is desirable that the antivirus program detects any virus, and with the highest possible probability.
Antivirus programs, depending on the developer, use different ways to detect viruses. But most people scan files or computer memory to detect the presence of a known virus, recognizing it by a characteristic part of the code.
The probability of getting an old virus is relatively small, but new viruses appear every day. To maintain the effectiveness of the antivirus program, it is recommended to update antivirus programs or their virus databases. When choosing an antivirus program, it is necessary to take into account not only the percentage of virus detection, but also the ability to detect new viruses, the number of viruses in the antivirus database, the frequency of its updates, and the availability of additional functions.
Currently, a serious antivirus should be able to recognize at least 25,000 viruses. Many of them have already ceased to exist. There are many antivirus programs. Let's consider the most famous of them.
Aidtest
This program was invented in1988 and since then it has been constantly being improved and updated. In Russia, almost every personal computer has one of the versions of this program. One of the latest versions detects 15,000 viruses. This program is designed to fix programs infected with common viruses that do not change their code, because the virus search is conducted by identification codes. At the same time, a very high speed of file verification is achieved. When you run this program, the RAM is checked for the presence of known viruses, and neutralizes them. In this case, only the functions of the virus associated with reproduction are paralyzed, and other side effects may remain. Therefore, after the virus has been neutralized in memory, the program issues a reboot request.
Aidtest tests its body for the presence of known viruses, and also judges its infection with an unknown virus by distortions in its code. In this case, a false alarm is possible, for example, when the antivirus is compressed by the packer. The program does not have a graphical interface, and its operating modes are set using keys. By specifying the path, you can check not the entire disk, but a separate subdirectory.
Disadvantages of the program:
does not recognize polymorphic viruses;
does not know how to check and treat files in archives;
it is not equipped with a heuristic analyzer that allows it to find viruses unknown to it;
does not recognize viruses in programs processed by packers.
Advantages of the program:
easy to use;
works fast;
recognizes a significant part of viruses;
it works on almost any computer.
Doctor Web
Recently, the popularity of this program has been growing. This program was created in 1994 by I.A. Danilov. Dr. Web belongs to the class of doctor detectors, but unlike Aidtest it has a eurytic analyzer that allows detecting unknown viruses. The modes are controlled as well as in Aidtest using keys. The user can test both the entire disk and individual subdirectories or groups of files, or refuse to check disks and test only RAM. Like Aidtest, Dr. Web can create a work report. Checking the hard drive of Dr. The Web takes much more time than Aidtest, so not every user can afford to spend so much time on a daily check.
Unlike Aidtest, the Doctor Web program:
recognizes polymorphic viruses;
equipped with a heuristic analyzer;
can check and treat files in archives;
Microsoft Antivirus
This antivirus can work in the detector – doctor and inspector modes. At startup, the program loads its own sign generator and reads the directory tree of the current disk, after which it goes to the main menu. During the first check, it creates files in each directory, in which it records information about the size, date, as well as the checksum of the monitored files. During subsequent checks, the program will compare the files with the information in the executable files. If the size and date have changed, the program will inform the user about it and ask for further actions. In this program, you can set the mode for searching for invisible viruses or checking all files, you can set the mode for saving a report on the work done in a file. Contextual help is well implemented: there is a hint for any menu item, for any situation. While in the main menu, you can view the list of viruses. Information about the virus can be output to the printer by selecting the appropriate menu item.

1   2   3   4   5   6   7   8




©emirsaba.org 2024
әкімшілігінің қараңыз

    Басты бет